diff options
author | Stefan Bühler <stbuehler@web.de> | 2015-11-22 22:22:20 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2015-11-22 22:22:20 +0000 |
commit | b0a44212724d86b9ec8434337d53de69780f1a07 (patch) | |
tree | 8f68994c728bc8a8bd06594d663afcfc979b9d0d | |
parent | 85d8a17575d8eba2f830f6c15283a45773fa78d8 (diff) | |
download | lighttpd-git-b0a44212724d86b9ec8434337d53de69780f1a07.tar.gz |
[core] refactor base64 functions into separate file
Differential Revision: https://review.lighttpd.net/D6
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3053 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | src/CMakeLists.txt | 2 | ||||
-rw-r--r-- | src/Makefile.am | 16 | ||||
-rw-r--r-- | src/SConscript | 2 | ||||
-rw-r--r-- | src/base64.c | 233 | ||||
-rw-r--r-- | src/base64.h | 19 | ||||
-rw-r--r-- | src/http_auth.c | 125 |
6 files changed, 265 insertions, 132 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4bc0c9a3..6cb2f3c8 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -474,7 +474,7 @@ add_definitions(-DHAVE_CONFIG_H) include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}) set(COMMON_SRC - buffer.c log.c + base64.c buffer.c log.c keyvalue.c chunk.c http_chunk.c stream.c fdevent.c stat_cache.c plugin.c joblist.c etag.c array.c diff --git a/src/Makefile.am b/src/Makefile.am index 84f815d8..2ac8415b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -56,7 +56,7 @@ BUILT_SOURCES = parsers versionstamp MAINTAINERCLEANFILES = configparser.c configparser.h mod_ssi_exprparser.c mod_ssi_exprparser.h CLEANFILES = versionstamp.h versionstamp.h.tmp -common_src=buffer.c log.c \ +common_src=base64.c buffer.c log.c \ keyvalue.c chunk.c \ http_chunk.c stream.c fdevent.c \ stat_cache.c plugin.c joblist.c etag.c array.c \ @@ -294,20 +294,6 @@ proc_open_SOURCES = proc_open.c buffer.c proc_open_LDADD = $(LIBUNWIND_LIBS) proc_open_CPPFLAGS= -DDEBUG_PROC_OPEN -#gen_license_SOURCES = license.c md5.c buffer.c gen_license.c - -#ssl_SOURCES = ssl.c - - -#adserver_SOURCES = buffer.c iframe.c -#adserver_LDADD = -lfcgi -lmysqlclient - -#error_test_SOURCES = error_test.c - -#evalo_SOURCES = buffer.c eval.c -#bench_SOURCES = buffer.c bench.c -#ajp_SOURCES = ajp.c - noinst_HEADERS = $(hdr) EXTRA_DIST = \ mod_skeleton.c \ diff --git a/src/SConscript b/src/SConscript index ddfc695e..f7dc203f 100644 --- a/src/SConscript +++ b/src/SConscript @@ -8,7 +8,7 @@ Import('env') def GatherLibs(env, *libs): return env['LIBS'] + [libs] + [env['APPEND_LIBS']] -common_src = Split("buffer.c log.c \ +common_src = Split("base64.c buffer.c log.c \ keyvalue.c chunk.c \ http_chunk.c stream.c fdevent.c \ stat_cache.c plugin.c joblist.c etag.c array.c \ diff --git a/src/base64.c b/src/base64.c new file mode 100644 index 00000000..79045e0b --- /dev/null +++ b/src/base64.c @@ -0,0 +1,233 @@ +#include "base64.h" + +/* reverse mapping: + * >= 0: base64 value + * -1: invalid character + * -2: skip character (whitespace/control) + * -3: padding + */ + +/* BASE64_STANDARD: "A-Z a-z 0-9 + /" maps to 0-63, pad with "=" */ +static const char base64_standard_table[66] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; +static const short base64_standard_reverse_table[128] = { +/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */ + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */ + -2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1, /* 0x30 - 0x3F */ + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */ + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F */ + -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */ + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */ +}; + +/* BASE64_URL: "A-Z a-z 0-9 - _" maps to 0-63, pad with "." */ +static const char base64_url_table[66] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_."; +static const short base64_url_reverse_table[128] = { +/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */ + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */ + -2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -3, -1, /* 0x20 - 0x2F */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F */ + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */ + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, /* 0x50 - 0x5F */ + -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */ + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */ +}; + +unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t in_length, base64_charset charset) { + unsigned char *result; + size_t out_pos = 0; /* current output character (position) that is decoded. can contain partial result */ + unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */ + size_t i; + const short* base64_reverse_table; + + switch (charset) { + case BASE64_STANDARD: + base64_reverse_table = base64_standard_reverse_table; + break; + case BASE64_URL: + base64_reverse_table = base64_url_reverse_table; + break; + default: + return NULL; + } + + result = (unsigned char *) buffer_string_prepare_append(out, 3*(in_length / 4) + 3); + + /* run through the whole string, converting as we go */ + for (i = 0; i < in_length; i++) { + unsigned char c = (unsigned char) in[i]; + short ch; + + if (c == '\0') break; + if (c >= 128) return NULL; /* only 7-bit characters allowed */ + + ch = base64_reverse_table[c]; + if (-3 == ch) { + /* pad character; can only come after 2 base64 digits in a group */ + if (group < 2) return NULL; + break; + } else if (-2 == ch) { + continue; /* skip character */ + } else if (ch < 0) { + return NULL; /* invalid character, abort */ + } + + switch(group) { + case 0: + result[out_pos] = ch << 2; + group = 1; + break; + case 1: + result[out_pos++] |= ch >> 4; + result[out_pos] = (ch & 0x0f) << 4; + group = 2; + break; + case 2: + result[out_pos++] |= ch >>2; + result[out_pos] = (ch & 0x03) << 6; + group = 3; + break; + case 3: + result[out_pos++] |= ch; + group = 0; + break; + } + } + + switch(group) { + case 0: + /* ended on boundary */ + break; + case 1: + /* need at least 2 base64 digits per group */ + return NULL; + case 2: + /* have 2 base64 digits in last group => one real octect, two zeroes padded */ + case 3: + /* have 3 base64 digits in last group => two real octects, one zero padded */ + + /* for both cases the current index already is on the first zero padded octet + * - check it really is zero (overlapping bits) */ + if (0 != result[out_pos]) return NULL; + break; + } + + buffer_commit(out, out_pos); + + return result; +} + +size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) { + const size_t full_tuples = in_length / 3; + const size_t in_tuple_remainder = in_length % 3; + const size_t out_tuple_remainder = in_tuple_remainder ? 1 + in_tuple_remainder : 0; + const size_t require_space = 4 * full_tuples + out_tuple_remainder; + const char* base64_table; + size_t i; + size_t out_pos = 0; + + switch (charset) { + case BASE64_STANDARD: + base64_table = base64_standard_table; + break; + case BASE64_URL: + base64_table = base64_url_table; + break; + default: + force_assert(0 && "invalid charset"); + } + + /* check overflows */ + force_assert(full_tuples < 2*full_tuples); + force_assert(full_tuples < 4*full_tuples); + force_assert(4*full_tuples < 4*full_tuples + out_tuple_remainder); + force_assert(require_space <= out_length); + + for (i = 2; i < in_length; i += 3) { + unsigned int v = (in[i-2] << 16) | (in[i-1] << 8) | in[i]; + out[out_pos+3] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+2] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+0] = base64_table[v & 0x3f]; + out_pos += 4; + } + switch (in_tuple_remainder) { + case 0: + break; + case 1: + { + /* pretend in[i-1] = in[i] = 0, don't write last two (out_pos+3, out_pos+2) characters */ + unsigned int v = (in[i-2] << 4); + out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+0] = base64_table[v & 0x3f]; + out_pos += 2; + } + break; + case 2: + { + /* pretend in[i] = 0, don't write last (out_pos+3) character */ + unsigned int v = (in[i-2] << 10) | (in[i-1] << 2); + out[out_pos+2] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6; + out[out_pos+0] = base64_table[v & 0x3f]; + out_pos += 3; + } + break; + } + force_assert(out_pos <= out_length); + return out_pos; +} + +size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) { + const size_t in_tuple_remainder = in_length % 3; + size_t padding_length = in_tuple_remainder ? 3 - in_tuple_remainder : 0; + + char padding; + size_t out_pos; + + switch (charset) { + case BASE64_STANDARD: + padding = base64_standard_table[64]; + break; + case BASE64_URL: + padding = base64_url_table[64]; + break; + default: + force_assert(0 && "invalid charset"); + } + + force_assert(out_length >= padding_length); + out_pos = li_to_base64_no_padding(out, out_length - padding_length, in, in_length, charset); + + while (padding_length > 0) { + out[out_pos++] = padding; + padding_length--; + } + + force_assert(out_pos <= out_length); + + return out_pos; +} + + +char* buffer_append_base64_encode_no_padding(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset) { + size_t reserve = 4*(in_length/3) + 4; + char* result = buffer_string_prepare_append(out, reserve); + size_t out_pos = li_to_base64_no_padding(result, reserve, in, in_length, charset); + + buffer_commit(out, out_pos); + + return result; +} + +char* buffer_append_base64_encode(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset) { + size_t reserve = 4*(in_length/3) + 4; + char* result = buffer_string_prepare_append(out, reserve); + size_t out_pos = li_to_base64(result, reserve, in, in_length, charset); + + buffer_commit(out, out_pos); + + return result; +} diff --git a/src/base64.h b/src/base64.h new file mode 100644 index 00000000..b720372a --- /dev/null +++ b/src/base64.h @@ -0,0 +1,19 @@ +#ifndef _BASE64_H_ +#define _BASE64_H_ + +#include "buffer.h" + +typedef enum { + BASE64_STANDARD, + BASE64_URL, +} base64_charset; + +unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t in_length, base64_charset charset); + +size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset); +size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset); + +char* buffer_append_base64_encode_no_padding(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset); +char* buffer_append_base64_encode(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset); + +#endif diff --git a/src/http_auth.c b/src/http_auth.c index 4fff8109..e5b351ef 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -3,6 +3,7 @@ #include "http_auth.h" #include "inet_ntop_cache.h" #include "stream.h" +#include "base64.h" #ifdef HAVE_CRYPT_H # include <crypt.h> @@ -62,101 +63,6 @@ static void CvtHex(const HASH Bin, char Hex[33]) { handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s); -static const char base64_pad = '='; - -/* "A-Z a-z 0-9 + /" maps to 0-63 */ -static const short base64_reverse_table[256] = { -/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F */ - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F */ - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */ - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F */ - -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */ - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF */ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF */ -}; - - -static unsigned char * base64_decode(buffer *out, const char *in) { - unsigned char *result; - unsigned int j = 0; /* current output character (position) that is decoded. can contain partial result */ - unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */ - size_t i; - - size_t in_len = strlen(in); - - result = (unsigned char *) buffer_string_prepare_copy(out, in_len); - - /* run through the whole string, converting as we go */ - for (i = 0; i < in_len; i++) { - unsigned char c = (unsigned char) in[i]; - short ch; - - if (c == '\0') break; - - if (c == base64_pad) { - /* pad character can only come after 2 base64 digits in a group */ - if (group < 2) return NULL; - break; - } - - ch = base64_reverse_table[c]; - if (ch < 0) continue; /* skip invalid characters */ - - switch(group) { - case 0: - result[j] = ch << 2; - group = 1; - break; - case 1: - result[j++] |= ch >> 4; - result[j] = (ch & 0x0f) << 4; - group = 2; - break; - case 2: - result[j++] |= ch >>2; - result[j] = (ch & 0x03) << 6; - group = 3; - break; - case 3: - result[j++] |= ch; - group = 0; - break; - } - } - - switch(group) { - case 0: - /* ended on boundary */ - break; - case 1: - /* need at least 2 base64 digits per group */ - return NULL; - case 2: - /* have 2 base64 digits in last group => one real octect, two zeroes padded */ - case 3: - /* have 3 base64 digits in last group => two real octects, one zero padded */ - - /* for both cases the current index already is on the first zero padded octet - * - check it really is zero (overlapping bits) */ - if (0 != result[j]) return NULL; - break; - } - - buffer_commit(out, j); - - return result; -} - static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *username, buffer *realm, buffer *password) { int ret = -1; @@ -596,31 +502,20 @@ static void apr_md5_encode(const char *pw, const char *salt, char *result, size_ #ifdef USE_OPENSSL static void apr_sha_encode(const char *pw, char *result, size_t nbytes) { - static const unsigned char base64_data[65] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - unsigned char digest[21]; /* multiple of 3 for base64 encoding */ - int i; + unsigned char digest[20]; + size_t base64_written; + + SHA1((const unsigned char*) pw, strlen(pw), digest); memset(result, 0, nbytes); /* need 5 bytes for "{SHA}", 28 for base64 (3 bytes -> 4 bytes) of SHA1 (20 bytes), 1 terminating */ if (nbytes < 5 + 28 + 1) return; - SHA1((const unsigned char*) pw, strlen(pw), digest); - digest[20] = 0; - - strcpy(result, "{SHA}"); - result = result + 5; - for (i = 0; i < 21; i += 3) { - unsigned int v = (digest[i] << 16) | (digest[i+1] << 8) | digest[i+2]; - result[3] = base64_data[v & 0x3f]; v >>= 6; - result[2] = base64_data[v & 0x3f]; v >>= 6; - result[1] = base64_data[v & 0x3f]; v >>= 6; - result[0] = base64_data[v & 0x3f]; - result += 4; - } - result[-1] = '='; /* last digest character was already end of string, pad it */ - *result = '\0'; + memcpy(result, "{SHA}", 5); + base64_written = li_to_base64(result + 5, nbytes - 5, digest, 20, BASE64_STANDARD); + force_assert(base64_written == 28); + result[5 + base64_written] = '\0'; /* terminate string */ } #endif @@ -852,7 +747,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, username = buffer_init(); - if (!base64_decode(username, realm_str)) { + if (!buffer_append_base64_decode(username, realm_str, strlen(realm_str), BASE64_STANDARD)) { log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username); buffer_free(username); |